Home / server / Questions / 509456
In Process
Gajus
Asked: 2013-05-21 22:53:06 +0800 CST

Is there a log to see when a user is trying to access file/directory that he doesn't have permission?

  • 772

My database is failing to replicate and the only clue in the error log is Operation Not Permitted, which I am guessing is file access permission failure either on donar or joiner. Is there any file that I could tail to see what exactly files does the user/process is trying read/write/execute?

mysql

1 Answers

  1. The auditd(8) daemon provides the functionality you request in your question. It is configured in the /etc/audit/auditd.conf file, and its syntax is described in the auditd.conf(5) manual page.

    You need to install and enable the daemon, and configure the /etc/audit/audit.rules to audit those events you consider relevant. And example from the audit.rules(7) manpage:

       -a always,exit -F arch=b32 -S open -S openat -F exit=-EACCES -k access
   -a always,exit -F arch=b32 -S open -S openat -F exit=-EPERM -k access
   -a always,exit -F arch=b64 -S open -S openat -F exit=-EACCES -k access
   -a always,exit -F arch=b64 -S open -S openat -F exit=-EPERM -k access

    Read the auditctl(8) manpage for an explanation of all the options used in the examples.

    For later analysis/reporting, you can use the ausearch(8) and aureport(8) tools.

    • 1